cancel
Showing results for 
Search instead for 
Did you mean: 

PST GPOs effect on Vault cache files

Mikeydee135
Level 4

Hi

 

i'm importing vast volumes of PST files from multiple sites accross the planet, some offices have very poor netowrk connectivity so transferring files back to the head office will take forever and is an eefectively unworkable solution.

 

my plan is therefore to rather unkindly land a task onto the local/regional IT supportstaff requesting that they copy all PST files to an external HDD, pack it up and courier it to me, i meet the HDD with the PST migration wizzard..... fairly manual but i can see this being a stable and reliable aproach....

....if it wasn't for our users. i won't be able to justify dimsounting and removing access to PST files for the staff in these offices for what is likley to be a few weeks (a week or so to collect all PST office wide, a week of transport, a week or so migrating into EV), most of our users need frequent access to old archived mail and this disruption would be unacceptible to the business. Plan B would be to leave users with a local copy of the PST which will be deleted post migration. this suits much better but we know that our users do not always follow instructions and there is a fear that in the few weeks migration time users may manually archive emails to PST (i've already caught one user locally doing this depsite autoarchiving in outlook being disabled by policy). these emails would then risk permanent loss when the pst is deleted.

 

I'd like to use GPO to set Outlook policies on PST files. there are two that i'm focussing on. "Large PST: Size to disable adding new content" & "Legacy PST: Size to disable adding new content". at first glance this looks like it would be perfect, i can roll this out fairly simply to all domains and, given a few days to take hold this should keep me safe.

 

I've read, however that the *.db files in use by Vault cache, which is a requirement company wide are actually PST files under a different extension and disabling PST usage completely at a later stage will cripple the vault cache. is it also the case that disabling writing to PST files as above would break the vaultcache mechanism or would the Outlook Add-in PST creation mechanism outsmart this?

 

If my worst fears are correct and this won't help me then is there another mechanism i can use to allow user access but ensure that they don't archive anyhting to PST.

1 ACCEPTED SOLUTION

Accepted Solutions

Rob_Wilcox1
Level 6
Partner

IMHO use PSTDisableGrow, and also set the PSTDisableGrowAllowAuthenticodeOverrides.  That stops ALL PSTs being changed.  You can also push out a policy to remove the File -> New Outlook Datafile option.

 

GPO's = good IMHO

 

The alternative is I guess, login scripts.

 

Finally, if you don't set the PSTDisableGrowAllowAuthenticodeOverrides then that will stop the Outlook Addin working.  From 9.0.3 (and 10.0.1) you will be warned about this when Outlook is opened, in much the same was as you being warned if you have RPC / HTTP enabled, and the policy restricts (ie prevents) the use of the Outlook Addin.

Working for cloudficient.com

View solution in original post

5 REPLIES 5

FreKac2
Level 6
Partner Accredited Certified

I think this technote answer your question, at least if you use the PSTDisableGrow mechanism.

http://www.symantec.com/business/support/index?page=content&id=TECH54648

Mikeydee135
Level 4

Hi FreKac

 

 

Thanks for that. is the PSTDisableGrow reg entry better than using the above GPOs with a size of 1KB to prevent adding to files?

 

I know you can push out registry changes by GPO but i'm not as keen on this as it's messier, do you have any suggestions about pushing this worldwide easily and, as importantly, quickly. we also have a mix of Outlook 2003/2007/2010 so the registry entries would need to depend on the version....

 

Rob_Wilcox1
Level 6
Partner

IMHO use PSTDisableGrow, and also set the PSTDisableGrowAllowAuthenticodeOverrides.  That stops ALL PSTs being changed.  You can also push out a policy to remove the File -> New Outlook Datafile option.

 

GPO's = good IMHO

 

The alternative is I guess, login scripts.

 

Finally, if you don't set the PSTDisableGrowAllowAuthenticodeOverrides then that will stop the Outlook Addin working.  From 9.0.3 (and 10.0.1) you will be warned about this when Outlook is opened, in much the same was as you being warned if you have RPC / HTTP enabled, and the policy restricts (ie prevents) the use of the Outlook Addin.

Working for cloudficient.com

Mikeydee135
Level 4

Hi Rob

 

Thanks for the update.

 

do you know of an easy/automated way to apply these keys to many users in offices worldwide where users are running multiple Operating systems (win XP and 7) and multiple office versions (2003/2007 & 2010)

 

this is my difficulty with registry entries where versions of software is relevant and operating systems vary also...

 

Thanks

 

Mike

Rob_Wilcox1
Level 6
Partner

In a GPO you can push out registry keys.

 

The keys are the same no matter which version of Windows.

 

The keys are different depending on the version of Office eg

HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Office\12.0\Outlook\PST\PSTDisableGrowAllowAuthenticodeOverrides (DWORD) = 1

 

There is nothing stopping you pushing out ALL the registry keys to all clients though.  That way those Windows 7 users who have Office 2007 will work, those with Windows 7 and Office 2010 will work, etc.

Working for cloudficient.com